36 research outputs found

    Secure Boot and Remote Attestation in the Sanctum Processor

    During the secure boot process for a trusted execution environment, the processor must provide a chain of certificates to the remote client demonstrating that their secure container was established as specified. This certificate chain is rooted at the hardware manufacturer, who is responsible for constructing chips according to the correct specification and provisioning them with key material. We consider a semi-honest manufacturer who is assumed to construct chips correctly, but may attempt to obtain knowledge of client private keys during the process. Using the RISC-V Rocket chip architecture as a base, we design, document, and implement an attested execution processor that requires neither secure non-volatile memory nor a private key explicitly assigned by the manufacturer. Instead, the processor derives its cryptographic identity from manufacturing variation measured by a Physical Unclonable Function (PUF). Software executed by a bootloader built into the processor transforms the PUF output into an elliptic curve key pair. The (re)generated private key is used to sign trusted portions of the boot image and is immediately destroyed. The platform can therefore provide attestations about its state to remote clients. Reliability and security of PUF keys are ensured through the use of a trapdoor computational fuzzy extractor. We present detailed evaluation results for secure boot and attestation by a client of a Rocket chip implementation on a Xilinx Zynq 7000 FPGA.

    Improving Security and Reliability of Physical Unclonable Functions Using Machine Learning

    Physical Unclonable Functions (PUFs) are promising security primitives for device authentication and key generation. Because of noise, reliability is an important performance metric of PUF-based authentication. In the literature, much effort has been devoted to enhancing PUF reliability by using error correction methods such as error-correcting codes and fuzzy extractors. However, one property that most of these prior works overlooked is the non-uniform distribution of PUF response errors across different bits. This work proposes a two-step methodology to improve the reliability of PUFs under noisy conditions. The first step acquires the parameters of PUF models by using machine learning algorithms. The second step then uses these parameters to improve the reliability of PUFs by selectively choosing challenge-response pairs (CRPs) for authentication. Two distinct algorithms for improving the reliability of the multiplexer (MUX) PUF, i.e., total delay difference thresholding and sensitive bits grouping, are presented. It is important to note that the methodology can be easily applied to other types of PUFs as well. Our experimental results show that the reliability of PUF-based authentication can be significantly improved by the proposed approaches. For example, in one experimental setting, the reliability of a MUX PUF is improved from 89.75% to 94.07% using total delay difference thresholding, while 89.30% of generated challenges are stored. As opposed to total delay difference thresholding, sensitive bits grouping possesses higher efficiency, as it can produce reliable CRPs directly. Our experimental results show that the reliability can be improved to 96.91% under the same setting when we group 12 bits in the challenge vector of a 128-stage MUX PUF. Besides, because the actual noise varies greatly under different conditions, it is hard to predict the error of each individual PUF response bit.
This work proposes a novel methodology to improve the efficiency of PUF response error correction based on error rates. The proposed method first obtains the PUF model by using machine learning techniques, which is then used to predict the error rates. Intuitively, we are inclined to tolerate errors in PUF response bits with relatively higher error rates. Thus, we propose to treat different PUF response bits with different degrees of error tolerance, according to their estimated error rates. Specifically, optimized weights, i.e., 0, 1, 2, 3, and infinity, are assigned to PUF response bits: a small portion of high-error-rate responses are truncated, the other responses are duplicated to a limited number of bits according to their error rates before error correction, and a portion of low-error-rate responses bypass the error correction as direct keys. The hardware cost for error correction can also be reduced by employing these methods. Response weighting is capable of reducing the false negative and false positive rates simultaneously. The entropy can also be controlled. Our experimental results show that the response weighting algorithm can reduce not only the false negative rate from 20.60% to 1.71%, but also the false positive rate from 1.26 × 10−21 to 5.38 × 10−22 for a PUF-based authentication with a 127-bit response and 13-bit error correction. Besides, three case studies on the applications of the proposed algorithm are also discussed. Along with the rapid development of hardware security techniques, the revolutionary growth of countermeasures and attacking methods developed by intelligent and adaptive adversaries has significantly complicated the ability to create secure hardware systems. Thus, there is a critical need to (re)evaluate existing or new hardware security techniques against these state-of-the-art attacking methods. With this in mind, this work presents a novel framework for incorporating active learning techniques into the hardware security field.
We demonstrate that active learning can significantly improve the learning efficiency of PUF modeling attacks by sampling the least confident and most informative challenge-response pair (CRP) for training in each iteration. For example, our experimental results show that in order to obtain a prediction error below 4%, 2790 CRPs are required in passive learning, while only 811 CRPs are required in active learning. The sampling strategies and detailed applications of PUF modeling attacks under various environmental conditions are also discussed. When the environment is very noisy, active learning may sample a large number of mislabeled CRPs and hence result in high prediction error. We present two methods to mitigate the contradiction between informative and noisy CRPs. Finally, it is critical to design secure PUFs that can withstand the countermeasures and modeling attacks of intelligent and adaptive adversaries. Previously, researchers devoted effort to hiding PUF information by pre- or post-processing of the PUF challenge/response. However, these methods are still subject to side-channel-analysis-based hybrid attacks. Methods for increasing the non-linearity of the PUF structure, such as the feedforward PUF, cascade PUF and subthreshold current PUF, have also been proposed. However, these methods significantly degrade the reliability. Building on the previous work, this work proposes a novel concept, the noisy PUF, which achieves modeling attack resistance while maintaining a high degree of reliability for selected CRPs. A possible design of a noisy PUF along with the corresponding experimental results is also presented.

    New Family of Stream Ciphers as Physically Clone-Resistant VLSI-Structures

    A new large class of 2^{100} possible stream ciphers as keystream generators (KSGs) is presented. The sample cipher-structure concept is based on randomly selecting a set of 16 maximum-period Nonlinear Feedback Shift Registers (NLFSRs). A non-linear combining function merges the 16 selected sequences. All resulting stream ciphers, with a total state size of 223 bits, are designed to have the same security level, a linear complexity exceeding 2^{81} and a period exceeding 2^{161}. A Secret Unknown Cipher (SUC) is created randomly by selecting one cipher from that class of 2^{100} ciphers. The SUC concept was presented recently as a physical security anchor to overcome the drawbacks of traditional analog Physically Unclonable Functions (PUFs). Such unknown ciphers may be permanently self-created within System-on-Chip (SoC) non-volatile FPGA devices to serve as a digital clone-resistant structure. Moreover, a lightweight identification protocol for open networks is presented for physically identifying such SUC structures in FPGA devices. The proposed new family may serve for lightweight realization of clone-resistant identities in future self-reconfiguring SoC non-volatile FPGAs. Such self-reconfiguring FPGAs are expected to emerge in near-future smart VLSI systems. The security analysis and hardware complexities of the resulting clone-resistant structures are evaluated and shown to exhibit scalable security levels even for post-quantum cryptography. Comment: 24 pages, 7 figures, 3 tables.

    Performance Metrics and Empirical Results of a PUF Cryptographic Key Generation ASIC

    We describe a PUF design with integrated error correction that is robust to various layout implementations and achieves excellent and consistent results in each of the following four areas: randomness, uniqueness, bias and stability. 133 PUF devices in 0.13 μm technology encompassing seven circuit layout implementations were tested. The PUF-based key generation design achieved less than 0.58 ppm failure rates with a 50%+ stability safety margin. 1.75M error correction blocks ran error-free under worst-case V/T corners (±10% V, 125°C/-65°C) and under voltage extremes of ±20% V. All PUF devices demonstrated excellent NIST-random behavior (99th cumulative percentile), a criterion used to qualify random sources for use as keying material in cryptographic-grade applications.

    Two-dimensional physically unclonable functions of the arbiter type

    Objectives. The problem of constructing a new class of physically unclonable functions of the arbiter type (APUF) is solved, based on the difference in delay times across the inputs of numerous modifications of the base element, obtained both by increasing the number of inputs and by varying the topology of their connection. Such an approach allows building two-dimensional physically unclonable functions (2D-APUF), in which, unlike classical APUF, the challenge generated for each base element selects a pair of paths not from two possible ones, but from a larger number of them. The relevance of such a study is associated with the active development of physical cryptography. The following goals are pursued in the work: the construction of the base elements of the APUF and their modifications, and the development of a methodology for constructing 2D-APUF. Methods. The methods of synthesis and analysis of digital devices are used, including those based on programmable logic integrated circuits, the basics of Boolean algebra and circuit design. Results. It is shown that the classical APUF uses a standard base element that performs two functions, namely the path-pair selection function Select and the path switching function Switch, which, due to their joint use, allow achieving high performance. First of all, this concerns the stability of APUF operation, which is characterized by a small number of challenges for which the response randomly takes one of two possible values, 0 or 1. Modifications of the base element in terms of the implementations of its Select and Switch functions are proposed. New structures of the base element are presented in which modifications of their implementations are made, including in terms of increasing the number of pairs of paths of the base element from which one is selected by the challenge, and the configurations of their switching.
The use of various base elements makes it possible to improve the main characteristics of APUF, as well as to break the regularity of their structure, which was the main reason for breaking APUF through machine learning. Conclusion. The proposed approach to the construction of physically unclonable 2D-APUF functions, based on the difference in signal delays through the base element, has shown its efficiency and promise. The effect of improving the characteristics of such PUFs has been experimentally confirmed, with noticeable improvement in the stability of their operation. It seems promising to further develop the ideas of constructing two-dimensional physically unclonable functions of the arbiter type, as well as to experimentally study their characteristics and their resistance to various types of attacks, including those using machine learning.

    2D physically unclonable functions of the arbiter type

    Objectives. The problem of constructing a new class of arbiter-type physically unclonable functions (APUF) is solved, based on the difference in delays across the inputs of numerous modifications of the base element, obtained by increasing both the number of inputs and the topology of their connection. Such an approach makes it possible to build two-dimensional physically unclonable functions (2D-APUF), in which, unlike classical APUF, the challenge formed for each base element selects a pair of paths not from two possible ones but from a larger number of them. The relevance of this study is connected with the active development of physical cryptography. The work pursues the following goals: construction of the base elements of APUF and their modifications, and development of a methodology for constructing 2D-APUF. Methods. Methods of synthesis and analysis of digital devices are used, including those based on programmable logic integrated circuits, along with the basics of Boolean algebra and circuit design. Results. It is shown that classical APUF use a standard base element that performs two functions, namely the path-pair selection function Select and the path switching function Switch, which, through their joint use, make it possible to achieve high performance. First of all, this concerns the stability of APUF operation, which is characterized by a small number of challenges for which the response randomly takes one of two possible values: 0 or 1. Modifications of the base element in terms of the implementations of its Select and Switch functions are proposed. New structures of the base element are presented with modifications made to their implementations, including in terms of increasing the number of path pairs of the base element from which one is selected by the challenge, and the configurations of their switching. The use of diverse base elements makes it possible to improve the main characteristics of APUF and also to break the regularity of their structure, which is the main reason APUF are broken by machine learning. Conclusion.
The proposed approach to constructing 2D-APUF, based on the difference in signal delays through the base element, has demonstrated its workability and promise. The effect of improving the characteristics of such PUFs, and first of all the stability of their operation, has been experimentally confirmed. Further development of the idea of constructing 2D-APUF, and experimental study of their characteristics and resistance to various kinds of attacks, including those using machine learning, appears promising.

    Design of hardware-based security solutions for interconnected systems

    Among all the different research lines related to hardware security, there is a particular topic that strikingly attracts attention: the research regarding the so-called Physical Unclonable Functions (PUF). PUFs, as can be seen throughout the Thesis, present the novel idea of connecting digital values uniquely to a physical entity, just as human biometrics does, but with electronic devices. This beautiful idea is not free of obstacles, and it is the core of this Thesis. It is studied from different angles in order to better understand SRAM PUFs in particular, and to be able to integrate them into complex systems that expand their potential. In Chapter 1, PUFs, their properties and their main characteristics are defined. In addition, the different types of PUFs and their main applications in the field of security are summarized. Once we know what a PUF is and the types of them we can find, Chapter 2 carries out an exhaustive analysis of SRAM PUFs, given the wide availability of SRAMs today in most electronic circuits (which dramatically reduces the cost of deploying any solution). An algorithm is proposed to improve the characteristics of SRAM PUFs, both to generate identifiers and to generate random numbers, simultaneously. The results of this Chapter demonstrate the feasibility of implementing the algorithm, so its integration in both hardware and software systems is explored in the following Chapters. In Chapter 3 the hardware design and integration of the algorithm introduced in Chapter 2 is described. The design is presented together with some examples of use that demonstrate the possible practical realizations in VLSI designs. In an analogous way, in Chapter 4 the software design and integration of the algorithm introduced in Chapter 2 is described. The design is presented together with some examples of use that demonstrate the possible practical realizations in low-power IoT devices.
The algorithm is also described as part of a secure firmware update protocol that has been designed to be resistant to most current attacks, ensuring the integrity and trustworthiness of the updated firmware. In Chapter 5, following the integration of PUF-based solutions into protocols, PUFs are used as part of an authentication protocol that uses zero-knowledge proofs. The cryptographic protocol is a lattice-based post-quantum protocol that guarantees the integrity and anonymity of the identity generated by the PUF. This type of architecture prevents any type of impersonation or virtual copy of the PUF, since the PUF is unknown and never leaves the device. Specifically, this type of design has been carried out with the aim of having traceability of identities without ever knowing the identity behind them, which is very interesting for blockchain technologies. Finally, in Chapter 6 a new type of PUF, named BPUF (Behavioral and Physical Unclonable Function), is proposed and analyzed according to the definitions given in Chapter 1. This new type of PUF significantly changes the metrics and concepts to which we were accustomed in previous Chapters. A new multi-modal authentication protocol is presented in this Chapter, taking advantage of the challenge-response tuples of BPUFs. An example of BPUFs is illustrated with SRAMs. A proposal to integrate the BPUFs described in Chapter 6 into the protocol of Chapter 5, as well as the final remarks of the Thesis, can be found in Chapter 7.